2010/8/24 Agustín Gañán <[email protected]>:
> Hi again,
>
> Finally I will take another approach in this issue.
> Implementing a LoginModulePlugin (as Vidar suggested) to manage
> authentication and an AccessManagerPlugin to manage authorization.

If all you want is to map LDAP users to Jackrabbit user accounts, an
AccessManagerPlugin should not be necessary - you could use
Jackrabbit's built-in access management (ACLs) for that. But if you
need other kinds of access control logic (e.g. deny/grant access based
on time of day) you would need one.

> Related to this last point, does anyone know any doc or sample on how
> to do this?

For what it's worth, I can post some pseudo-code from my own codebase:

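// --- MyAccessManagerPluginFactory.java ---
// Annotation imports assume the Felix SCR annotations package.
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Service;
import org.apache.sling.jcr.jackrabbit.server.security.accessmanager.AccessManagerPlugin;
import org.apache.sling.jcr.jackrabbit.server.security.accessmanager.AccessManagerPluginFactory;

@Service(AccessManagerPluginFactory.class)
@Component
public class MyAccessManagerPluginFactory implements AccessManagerPluginFactory {
  public AccessManagerPlugin getAccessManager() {
    return new MyAccessManagerPlugin();
  }
}

// --- MyAccessManagerPlugin.java ---
import java.security.Principal;
import java.util.Set;
import javax.jcr.Session;
import javax.security.auth.Subject;
import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
import org.apache.sling.jcr.jackrabbit.server.security.accessmanager.AccessManagerPlugin;

public class MyAccessManagerPlugin implements AccessManagerPlugin {
  private Subject subject;
  private Session originalSession;
  private boolean isAdminSession;

  public void init(Subject subject, Session originalSession) {
    this.subject = subject;
    this.originalSession = originalSession;
    // A session counts as admin if any of its principals is an AdminPrincipal
    Set<Principal> subjectPrincipals = this.subject.getPrincipals();
    this.isAdminSession = false;
    for (Principal subjectPrincipal : subjectPrincipals) {
      if (subjectPrincipal instanceof AdminPrincipal) {
        this.isAdminSession = true;
        break;
      }
    }
  }

  public boolean isGranted(String path, int bits) {
    if (this.isAdminSession) { return true; }
    // Implement custom logic here
    return false; // deny by default until the custom logic grants access
  }

  public boolean canRead(String path) {
    return isGranted(path, AccessManagerPlugin.READ);
  }

  // Remaining interface methods omitted in this pseudo-code
}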

The key class here is the o.a.s.j.j.s.s.a.AccessManagerPlugin
interface, which is a simplified version of Jackrabbit's AccessManager
interface. So if you find examples on how to write a Jackrabbit
AccessManager, you should be able to use the same basic ideas in your
code.

-- 
Vidar S. Ramdal <[email protected]> - http://www.idium.no
Sommerrogata 13-15, N-0255 Oslo, Norway
+ 47 22 00 84 00 / +47 22 00 84 76
Quando omni flunkus moritatus!
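
Added example, not part of the original message and not Sling code: one way the "custom logic" in isGranted could implement the time-of-day rule mentioned above while denying by default. The class name, the /content subtree, the 08:00-18:00 window and the permission bit values are assumptions; paths are assumed to arrive as normalized absolute paths.

```java
import java.time.LocalTime;

public class TimeOfDayPolicy {
    // Assumed bit values for this sketch; a real plugin should use the
    // constants declared on the AccessManagerPlugin interface.
    static final int READ = 1, WRITE = 2, REMOVE = 4;
    static final int KNOWN_BITS = READ | WRITE | REMOVE;

    private final String root;      // hypothetical subtree this policy covers
    private final String prefix;    // root with a trailing "/" for segment matching
    private final LocalTime open;   // writes allowed from here (inclusive)
    private final LocalTime close;  // until here (exclusive); assumes open < close

    public TimeOfDayPolicy(String root, LocalTime open, LocalTime close) {
        this.root = root;
        this.prefix = root.endsWith("/") ? root : root + "/";
        this.open = open;
        this.close = close;
    }

    /** Decision that an isGranted(path, bits) implementation could delegate to. */
    public boolean isGranted(boolean isAdminSession, String path, int bits, LocalTime now) {
        if (isAdminSession) return true;              // same shortcut as in the mail
        // Fail closed on missing input or permission bits this policy does not know.
        if (path == null || bits == 0 || (bits & ~KNOWN_BITS) != 0) return false;
        // Match whole path segments so "/content" does not also cover "/contentx".
        boolean inside = path.equals(root) || path.startsWith(prefix);
        if (!inside) return false;                    // outside the subtree: deny
        if (bits == READ) return true;                // read-only request: any time
        return !now.isBefore(open) && now.isBefore(close); // write/remove: window only
    }

    public static void main(String[] args) {
        TimeOfDayPolicy p =
            new TimeOfDayPolicy("/content", LocalTime.of(8, 0), LocalTime.of(18, 0));
        LocalTime noon = LocalTime.NOON, night = LocalTime.of(23, 30);
        System.out.println("read at night:        " + p.isGranted(false, "/content/a", READ, night));
        System.out.println("write at noon:        " + p.isGranted(false, "/content/a", READ | WRITE, noon));
        System.out.println("write at night:       " + p.isGranted(false, "/content/a", WRITE, night));
        System.out.println("sibling prefix:       " + p.isGranted(false, "/contentx/a", READ, noon));
        System.out.println("unknown bit:          " + p.isGranted(false, "/content/a", 8, noon));
        System.out.println("admin write at night: " + p.isGranted(true, "/etc", WRITE, night));
    }
}
```

Passing the clock value in as a parameter keeps the rule testable; a plugin would supply LocalTime.now() from the server's clock.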
